xmlrpc.php 11.8 KB
Newer Older
redflo's avatar
redflo committed
1
<?php 
2
# $Id: /cvsroot/tikiwiki/tiki/xmlrpc.php,v 1.29.2.1 2008-03-01 16:07:37 lphuberdeau Exp $
3
include_once('tiki-setup.php');
4
require_once("XML/Server.php");
5
include_once('lib/blogs/bloglib.php');
6
if($prefs['feature_xmlrpc'] != 'y') {
7
  die;  
lrargerich's avatar
lrargerich committed
8
}
9 10 11 12 13 14 15 16 17 18
$map = array (
        "blogger.newPost" => array( "function" => "newPost"),
        "blogger.getUserInfo" => array( "function" => "getUserInfo"),
        "blogger.getPost" => array( "function" => "getPost"),
        "blogger.editPost" => array( "function" => "editPost"),
        "blogger.deletePost" => array( "function" => "deletePost"),
        "blogger.getRecentPosts" => array( "function" => "getRecentPosts"),
        "blogger.getUserInfo" => array( "function" => "getUserInfo"),
        "blogger.getUsersBlogs" => array( "function" => "getUserBlogs")
        
19
);
20
$s=new XML_RPC_Server( $map );
lfagundes's avatar
lfagundes committed
21

22 23 24 25 26 27 28 29 30 31 32 33 34
function check_individual($user,$blogid,$permName) {
  global $userlib;
  // If the user is admin he can do everything
  if($userlib->user_has_permission($user,'tiki_p_blog_admin')) return true;
  // If no individual permissions for the object then ok
  if(!$userlib->object_has_one_permission($blogid,'blog')) return true;
  // If the object has individual permissions then check
  // Now get all the permissions that are set for this type of permissions 'image gallery'
  if($userlib->object_has_permission($user,$blogId,'blog',$permName)) {
    return true;
  } else {
    return false;
  }          
lrargerich's avatar
lrargerich committed
35
}
36 37
/* Validates the user and returns user information */
function getUserInfo($params) {
38 39 40 41
 global $tikilib,$userlib;
 $appkeyp=$params->getParam(0); $appkey=$appkeyp->scalarval();
 $usernamep=$params->getParam(1); $username=$usernamep->scalarval();
 $passwordp=$params->getParam(2); $password=$passwordp->scalarval();
sylvieg's avatar
sylvieg committed
42 43
 list($ok, $username, $e) = $userlib->validate_user($username,$password,'','');
 if($ok) {
44 45 46 47 48 49
   $myStruct=new XML_RPC_Value(array("nickname" => new XML_RPC_Value($username),
                                 "firstname" => new XML_RPC_Value("none"),
                                 "lastname" => new XML_RPC_Value("none"),
                                 "email" => new XML_RPC_Value("none"),
                                 "userid" => new XML_RPC_Value("$username"),
                                 "url" => new XML_RPC_Value("none")
50
                                 ),"struct");
51
   return new XML_RPC_Response($myStruct);
52
 } else {
53
    return new XML_RPC_Response(0, 101, "Invalid username or password");
54
 } 
55
}
56
 
57 58
/* Posts a new submission to the CMS */
function newPost($params) {
59 60 61 62 63 64 65 66 67 68 69 70 71
  global $tikilib,$userlib,$bloglib;
  $appkeyp=$params->getParam(0); $appkey=$appkeyp->scalarval();
  $blogidp=$params->getParam(1); $blogid=$blogidp->scalarval();
  $usernamep=$params->getParam(2); $username=$usernamep->scalarval();
  $passwordp=$params->getParam(3); $password=$passwordp->scalarval();
  $passp=$params->getParam(4); $content=$passp->scalarval();
  $passp=$params->getParam(5); $publish=$passp->scalarval();
  
  // Fix for w.bloggar
  ereg("<title>(.*)</title>",$content, $title);
  $title = $title[1];
  $content = ereg_replace("<title>(.*)</title>","",$content);
  // Now check if the user is valid and if the user can post a submission
sylvieg's avatar
sylvieg committed
72 73
  list($ok, $username, $e) = $userlib->validate_user($username,$password,'','');
  if(!$ok) {
74
    return new XML_RPC_Response(0, 101, "Invalid username or password");
75 76 77 78
  }
 
  // Get individual permissions for this weblog if they exist
  if(!check_individual($username,$blogid,'tiki_p_blog_post') ) {
79
    return new XML_RPC_Response(0, 101, "User is not allowed to post to this weblog due to individual restrictions for this weblog");
80 81 82 83 84
  }
  
  // If the blog is not public then check if the user is the owner
  if(!$userlib->user_has_permission($username,'tiki_p_blog_admin')) {
    if(!$userlib->user_has_permission($username,'tiki_p_blog_post')) {
85
      return new XML_RPC_Response(0, 101, "User is not allowed to post");
86 87 88 89
    }
    $blog_info = $tikilib->get_blog($blogid);
    if($blog_info["public"]!='y') {
      if($username != $blog_info["user"]) {
90
        return new XML_RPC_Response(0, 101, "User is not allowed to post");
91 92 93 94 95 96 97
      }
    }
  }
  
  // User ok and can submit then submit the post
  $id = $bloglib->blog_post($blogid,$content,$username, $title);
   
98
  return new XML_RPC_Response(new XML_RPC_Value("$id"));
99 100 101
}
// :TODO: editPost
function editPost($params) {
102 103 104 105 106 107 108 109 110 111 112 113 114
  global $tikilib,$userlib,$bloglib;
  $appkeyp=$params->getParam(0); $appkey=$appkeyp->scalarval();
  $blogidp=$params->getParam(1); $postid=$blogidp->scalarval();
  $usernamep=$params->getParam(2); $username=$usernamep->scalarval();
  $passwordp=$params->getParam(3); $password=$passwordp->scalarval();
  $passp=$params->getParam(4); $content=$passp->scalarval();
  $passp=$params->getParam(5); $publish=$passp->scalarval();
  
  // Fix for w.bloggar
  ereg("<title>(.*)</title>",$content, $title);
  $title = $title[1];
  $content = ereg_replace("<title>(.*)</title>","",$content);
  // Now check if the user is valid and if the user can post a submission
sylvieg's avatar
sylvieg committed
115 116
  list($ok, $username, $e) = $userlib->validate_user($username,$password,'','');
  if(!$ok) {
117
    return new XML_RPC_Response(0, 101, "Invalid username or password");
118 119 120
  }
 
  if(!check_individual($username,$blogid,'tiki_p_blog_post') ) {
121
    return new XML_RPC_Response(0, 101, "User is not allowed to post to this weblog due to individual restrictions for this weblog therefor the user cannot edit a post");
122 123 124
  }
 
  if(!$userlib->user_has_permission($username,'tiki_p_blog_post')) {
125
    return new XML_RPC_Response(0, 101, "User is not allowed to post");
126 127 128 129 130
  }
  
  // Now get the post information
  $post_data = $bloglib->get_post($postid);
  if(!$post_data) {
131
    return new XML_RPC_Response(0, 101, "Post not found");
132 133 134 135
  }
  
  if($post_data["user"]!=$username) {
    if(!$userlib->user_has_permission($username,'tiki_p_blog_admin')) {
136
      return new XML_RPC_Response(0, 101, "Permission denied to edit that post since the post does not belong to the user");
137 138 139
    }
  }
 
140
  $id = $bloglib->update_post($postid,$blogid,$content,$username,$title);
141
  return new XML_RPC_Response(new XML_RPC_Value(1,"boolean"));
142 143 144
}
// :TODO: deletePost
function deletePost($params) {
145 146 147 148 149 150 151
  global $tikilib,$userlib,$bloglib;
  $appkeyp=$params->getParam(0); $appkey=$appkeyp->scalarval();
  $blogidp=$params->getParam(1); $postid=$blogidp->scalarval();
  $usernamep=$params->getParam(2); $username=$usernamep->scalarval();
  $passwordp=$params->getParam(3); $password=$passwordp->scalarval();
  $passp=$params->getParam(4); $publish=$passp->scalarval();
  // Now check if the user is valid and if the user can post a submission
sylvieg's avatar
sylvieg committed
152 153
  list($ok, $username, $e) = $userlib->validate_user($username,$password,'','');
  if(!$ok) {
154
    return new XML_RPC_Response(0, 101, "Invalid username or password");
155 156 157 158 159 160
  }
 
  
  // Now get the post information
  $post_data = $bloglib->get_post($postid);
  if(!$post_data) {
161
    return new XML_RPC_Response(0, 101, "Post not found");
162 163 164 165
  }
      
  if($post_data["user"]!=$username) {
    if(!$userlib->user_has_permission($username,'tiki_p_blog_admin')) {
166
      return new XML_RPC_Response(0, 101, "Permission denied to edit that post");
167 168 169 170
    }
  }
 
  $id = $bloglib->remove_post($postid);
171
  return new XML_RPC_Response(new XML_RPC_Value(1,"boolean"));
172 173 174 175 176
}
// :TODO: getTemplate
// :TODO: setTemplate
// :TODO: getPost
function getPost($params) {
177 178 179 180 181 182
  global $tikilib,$userlib,$bloglib;
  $appkeyp=$params->getParam(0); $appkey=$appkeyp->scalarval();
  $blogidp=$params->getParam(1); $postid=$blogidp->scalarval();
  $usernamep=$params->getParam(2); $username=$usernamep->scalarval();
  $passwordp=$params->getParam(3); $password=$passwordp->scalarval();
  // Now check if the user is valid and if the user can post a submission
sylvieg's avatar
sylvieg committed
183 184
  list($ok, $username, $e) = $userlib->validate_user($username,$password,'','');
  if(!$ok) {
185
    return new XML_RPC_Response(0, 101, "Invalid username or password");
186 187
  }
  if(!check_individual($username,$blogid,'tiki_p_blog_post') ) {
188
    return new XML_RPC_Response(0, 101, "User is not allowed to post to this weblog due to individual restrictions for this weblog");
189 190 191
  }
 
  if(!$userlib->user_has_permission($username,'tiki_p_blog_post')) {
192
    return new XML_RPC_Response(0, 101, "User is not allowed to post");
193 194
  }
  if(!$userlib->user_has_permission($username,'tiki_p_read_blog')) {
195
      return new XML_RPC_Response(0, 101, "Permission denied to read this blog");
196 197 198 199 200
  }
  
  // Now get the post information
  $post_data = $bloglib->get_post($postid);
  if(!$post_data) {
201
    return new XML_RPC_Response(0, 101, "Post not found");
202 203 204
  }
  $dateCreated=$tikilib->get_iso8601_datetime($post_data["created"]);    
  // added dateTime type for blogger compliant xml tag Joerg Knobloch <joerg@happypenguins.net>
205 206
  $myStruct=new XML_RPC_Value(array("userid" => new XML_RPC_Value($username),
"dateCreated" => new XML_RPC_Value($dateCreated, "dateTime.iso8601"),
207
// Fix for w.Bloggar
208 209
"content" => new XML_RPC_Value("<title>" . $post_data["title"] . "</title>" . $post_data["data"]),
"postid" => new XML_RPC_Value($post_data["postId"])
210 211 212 213 214
),"struct");
  
 
  // User ok and can submit then submit an article
  
215
  return new XML_RPC_Response($myStruct);
216 217 218
}
// :TODO: getRecentPosts
function getRecentPosts($params) {
219 220 221 222 223 224 225
  global $tikilib,$userlib,$bloglib;
  $appkeyp=$params->getParam(0); $appkey=$appkeyp->scalarval();
  $blogidp=$params->getParam(1); $blogid=$blogidp->scalarval();
  $usernamep=$params->getParam(2); $username=$usernamep->scalarval();
  $passwordp=$params->getParam(3); $password=$passwordp->scalarval();
  $passp=$params->getParam(4); $number=$passp->scalarval();
  // Now check if the user is valid and if the user can post a submission
sylvieg's avatar
sylvieg committed
226 227
  list($ok, $username, $e) = $userlib->validate_user($username,$password,'','');
  if(!$ok) {
228
    return new XML_RPC_Response(0, 101, "Invalid username or password");
229 230 231
  }
  
  if(!check_individual($username,$blogid,'tiki_p_blog_post') ) {
232
    return new XML_RPC_Response(0, 101, "User is not allowed to post to this weblog due to individual restrictions for this weblog therefore the user cannot edit a post");
233 234 235
  }
  
  if(!$userlib->user_has_permission($username,'tiki_p_blog_post')) {
236
    return new XML_RPC_Response(0, 101, "User is not allowed to post");
237 238 239 240 241
  }
  
  // Now get the post information
  $posts = $bloglib->list_blog_posts($blogid, 0, $number,'created_desc', '', '');
  if(count($posts)==0) {
242
    return new XML_RPC_Response(0, 101, "No posts");
243 244 245 246 247
  }
  $arrayval = Array();
  foreach($posts["data"] as $post) {
    
    $dateCreated=$tikilib->get_iso8601_datetime($post["created"]);    
248 249
    $myStruct=new XML_RPC_Value(array("userid" => new XML_RPC_Value($username),
  "dateCreated" => new XML_RPC_Value($dateCreated, "dateTime.iso8601"),
250
  // Fix for w.Bloggar
251 252
  "content" => new XML_RPC_Value("<title>" . $post["title"] . "</title>" . $post["data"]),
  "postid" => new XML_RPC_Value($post["postId"])
253 254 255 256 257 258
  ),"struct");
    $arrayval[]=$myStruct;
  }  
 
  // User ok and can submit then submit an article
  
259 260
 $myVal=new XML_RPC_Value($arrayval, "array");
 return new XML_RPC_Response($myVal);
261 262 263 264
}
// :TODO: tiki.tikiPost
/* Get the topics where the user can post a new */
function getUserBlogs($params) {
265 266 267 268 269 270 271
 global $tikilib,$userlib,$bloglib;
 $appkeyp=$params->getParam(0); $appkey=$appkeyp->scalarval();
 $usernamep=$params->getParam(1); $username=$usernamep->scalarval();
 $passwordp=$params->getParam(2); $password=$passwordp->scalarval();
 
 $arrayVal=Array();
 
272
 $blogs = $tikilib->list_user_blogs($username,true);
273
 $foo = parse_url($_SERVER["REQUEST_URI"]);
274
 $foo1=$tikilib->httpPrefix().str_replace("xmlrpc","tiki-view_blog",$foo["path"]);
275
 foreach($blogs as $blog) {
276 277 278
   $myStruct=new XML_RPC_Value(array("blogName" => new XML_RPC_Value($blog["title"]),
                               "url" => new XML_RPC_Value($foo1."?blogId=".$blog["blogId"]),
                               "blogid" => new XML_RPC_Value($blog["blogId"])),"struct");
279 280 281
   $arrayVal[] = $myStruct;                              
 }
 
282 283
 $myVal=new XML_RPC_Value($arrayVal, "array");
 return new XML_RPC_Response($myVal);
284
}